﻿/*----------------------------------------------------------------
  //Copyright (C) 2012 赵国伟
  //文件功能描述：商城Url防注入过滤；
  //创建人：赵国伟
  //生成时间：2012/03/19 20:50:00
//----------------------------------------------------------------*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;

namespace Shopping.BLL
{

    public class URLSafeModule : IHttpModule
    {
        private static  HashSet<string> hashBadWords;
        public void Init(HttpApplication context)
        {
            context.BeginRequest += new EventHandler(context_BeginRequest);
        }

        private void context_BeginRequest(object sender, EventArgs e)
        {
            //string ex="防;防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare"
            string[] instr = new string[] { "xp_cmdshell", "drop table", " and ", "exec ", "insert ", "select ", "delete ", "update ", "count(", " * ", "chr(", "mid(", " master", "truncate ", "char(", "declare " };
            hashBadWords = new HashSet<string>(instr);
            //GET
            foreach (string paramValue in HttpContext.Current.Request.QueryString)
            {
                if (paramValue!= null && hashBadWords.Contains(paramValue.ToLower()))
                {
                    HttpContext.Current.Response.Write("系统提示:请不要在参数中包含非法字符尝试注入！");
                    HttpContext.Current.Response.End();
                }
            }
            //GET
            foreach (string paramValue in HttpContext.Current.Request.Form)
            {
                if (paramValue !=null && hashBadWords.Contains(paramValue.ToLower()))
                {
                    HttpContext.Current.Response.Write("系统提示:请不要在参数中包含非法字符尝试注入！");
                    HttpContext.Current.Response.End();
                }
            }
        }

        public void Dispose()
        {

        }

    }


}
